Continuing with our discussion regarding identity, let’s look at a few concepts that provide a toolset for improving the situation we’re stuck with regarding passwords. These concepts can make establishing someone’s identity both easier and more secure.
- Single Sign On (SSO)
- Multi-factor Authentication (MFA)
- Federated Identity Management (FIM)
Our goal is to overcome the inherent weakness of passwords as the only method for authenticating to websites and applications.
Single Sign On (SSO)
SSO is an authentication process that allows a person to use just one set of credentials — that is, a name and a password — in many places within one system. SSO greatly reduces password fatigue.
Note: SSO is not the same as simply using one password everywhere. Doing that is a very bad idea, and the bad actors of the world know that up to 60% of users do it anyway. Hackers employ software that takes your user-name-and-password combination from a breached site and then uses it to attempt login on hundreds, even thousands of websites and services.
Multi-Factor Authentication (MFA)
A good SSO strategy will allow you to use one set of credentials but without additional risk. How? By employing additional methods to establish more completely that the person attempting to log in is really you and not an imposter.
Those methods of multi-factor authentication can include:
- A one-time code sent to your phone or email.
- A digital certificate stored securely on your PC.
- Challenge questions (such as the street you grew up on or where you were married).
The bad actor may have your username and password, but doesn’t have your phone or your PC. And if you’ve been discreet with your personal information, you can hope the hacker doesn’t know the answers to your challenge questions.
Google, Facebook, probably your bank, and many other sites make multi-factor authentication available to you today. You should use it.
Federated Identity Management (FIM)
Federated Identity Management applies an additional level of security to multiple sites or business platforms. FIM differs from SSO, and they’re often used together. While federated identity management can make use of SSO, single sign on does not include FIM.
FIM provides a way to connect many identity management systems. It is a pre-configured trust agreement between entities under which your securely established authentication (using some form of MFA) can be accepted elsewhere without going through the authentication process again.
The ID Federation Trust Framework is an FIM providing SSO via SignOn Once.
FIM speeds access to a broad array of resources, but it requires all participating companies to comply with a neutral standard or framework managed by a third party. Essentially, Business A “proves” it is really you by requiring an additional step in authentication (MFA). Then, when you navigate to Business B, a token is passed from Business A that states you are a securely authenticated user. Business B trusts that token and allows access based on the previously arranged trust relationship with Business A.
This trust arrangement between organizations requires both technical and non-technical agreement that holds each organization accountable to standard protocols and behaviors. This upfront effort may require participation from business leaders, information technology staff, and security personnel.
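The token hand-off from Business A to Business B described above, as an added example that is not ID Federation's or SignOn Once's code: Business B checks the issuer, signature, audience, MFA claim and expiry before it trusts the token. The issuer names, key and claim names are constructed, and an HMAC over a pre-shared key stands in for the public-key signatures that federation standards such as SAML and OpenID Connect use.

```python
import base64, hashlib, hmac, json

# Constructed trust registry held by Business B: the issuers it has a
# pre-arranged agreement with, and the key exchanged under that agreement.
TRUSTED_ISSUERS = {"business-a.example": b"constructed-demo-key"}

def _sign(key: bytes, body: str) -> str:
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()  # HMAC stand-in
    return base64.urlsafe_b64encode(mac).decode()

def issue_token(issuer, key, subject, audience, mfa_done, now, ttl=300):
    """Business A: state who logged in, for whom, how, and until when."""
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "mfa": mfa_done, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + _sign(key, body)

def accept_token(token, my_audience, now):
    """Business B: return (subject, None) on success or (None, reason)."""
    try:
        body, sig = token.split(".")
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None, "malformed"
    issuer = claims.get("iss") if isinstance(claims, dict) else None
    key = TRUSTED_ISSUERS.get(issuer) if isinstance(issuer, str) else None
    if key is None:
        return None, "untrusted issuer"
    # Verify integrity before believing any other claim in the token.
    if not hmac.compare_digest(_sign(key, body).encode(), sig.encode()):
        return None, "bad signature"
    if claims.get("aud") != my_audience:
        return None, "wrong audience"   # token was minted for another partner
    if claims.get("mfa") is not True:
        return None, "mfa not asserted"
    if now >= claims.get("exp", 0):
        return None, "expired"
    return claims.get("sub"), None

if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the run is reproducible
    key = TRUSTED_ISSUERS["business-a.example"]
    tok = issue_token("business-a.example", key, "agent42", "business-b.example", True, now)
    print(accept_token(tok, "business-b.example", now + 60))
    print(accept_token(tok, "business-c.example", now + 60))
    print(accept_token(tok, "business-b.example", now + 301))
```

The audience and expiry checks are what keep a token issued for one partner from being replayed at another or reused after the session should have ended.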
The Benefits of FIM
But the return on this investment is faster and smoother business processes, fewer help desk calls, and enhanced security.
Think of how you use your agency management system to connect to multiple carriers and how you jump across multiple identity domains repeatedly. This dynamic relationship between agents, carriers, aggregators and other business assistance platforms would be significantly easier if you could use the same credentials across all of them in a secure fashion.
The internal setup work required to make this possible must be done by the AMS vendor and carrier, but the concepts discussed here are what ID Federation’s SignOn Once is all about. ID Federation is that managing third party for the independent agency channel. And ID Federation offers you the convenience of SSO.
Why Your Agency Needs SignOn Once by ID Federation
As an agent, you are falling under increasing regulatory scrutiny and you’re at increasing risk of a breach. You need the best security you can obtain from every platform you use. You can employ an enterprise password management program for your agency’s non-insurance business — such as banking transactions or payments to creditors.
But for insurance transactions, your simplest and safest method for connecting to partners is SignOn Once by ID Federation. It employs a universal Trust Framework that is seamless, invisible, and free to agencies. It allows your agency users to conduct insurance transactions with every participating partner with only the ID and password you use to log into your management system, saving you both time and money. For a list of carriers who are now or soon will be participating in ID Federation, visit the organization’s membership page.
While you wait for all insurance carriers that serve the independent agency channel to participate in ID Federation, take these steps:
- Consider conducting business with the ID Federation-member carriers who have shown their commitment to streamlined credential management for you, their customer.
- If your primary carriers are not participating, use the template on the ID Federation website under the Agent section to send your carriers a message encouraging them to join.
- If your management system platform includes password management for non-participating carriers, take advantage of it.
Next, we will discuss why and how you can influence your carriers to do the upfront work that will ensure the way you engage with them is the easiest and most secure way to do business.
Kevin Baker is information security leader of Westfield Insurance, Westfield Center, Ohio.
Westfield is committed to offering its agencies SignOn Once by ID Federation. Are your carriers?
Here’s an easy, automated email you can use to tell your carriers that your agency needs SignOn Once.